Consulting

Security Incident Response is like firefighting: it’s not something you need everyday, but when you need it, you want the best, and you want it fast. We’re proud to announce our new cyber security incident response team, and we’d like to tell you what they do, and how best to utilize this new service. We …

Some of the roles within security are all about breaking in to systems, but what about just breaking into the field? Jobs in security are popping up all over the place and recruiters are trying desperately to help fill them. There are many people interested in security, but without previous experience, they often want to …

Secure Ideas is excited to announce the next webcast being offered. In this webcast, James Jardine and Kevin Johnson will talk about the steps leading up to a penetration test. These steps will include determining if you need a test, how to scope the test, and then how to prepare for the impending test. You …

James and I recorded the next episode of the Professionally Evil Perspective podcast this morning. In it we get back to walking through the methodology that we use during a web application penetration test. We had covered recon and mapping, so in this episode we go through the third step; discovery! James and I discuss …

I have a friend who is an alcoholic. A few weeks ago after 5 years of sobriety, she stumbled and had a relapse. It doesn’t make her a bad person, just a fighter. She starts everyday with a reminder of where she’s been, and where she’s going. And in the last 5 years she has …

James and I presented at DerbyCon last week. We talked about some of the weaknesses found in SharePoint deploys and ways to test them. We also walked through a couple of tools we are releasing that people can use to test and exploit SharePoint. Here is the video from that presentation. Kevin Johnson is the …

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security. I do this via a number of methods including consulting, penetration testing, training, and other services. But the foundation of what I do is explain the what, why, and how of information security. And …

Most everyone in the U.S. is aware that its not uncommon for the Mississippi River to flood in the spring. Even though the river has a series of locks and dams, they are intended for navigation, not flood control. In fact back it the days of Mark Twain there were spot in the Mississippi River …

As security consultants, we regularly travel to clients’ sites and experience a wide range of environments and atmospheres. While some are better than others (and some much worse), it’s very common for the client to not be fully prepared when we arrive. This often results in delays, a less efficient use of the time we …